Start Here

Backup regularly and keep a recent backup copy encrypted on a separate system.

There are dozens of ways other than Ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands. If you are unsure if your system is being regularly backed up, contact Campus Shared Services IT (CSS-IT).

Don’t enable macros in document attachments received via email.

Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!

Do not open unsolicited email attachments.

The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, throw it out.

Forward suspicious emails and attachments to consult@berkeley.edu or call 510-664-9000 if you are unsure about the safety and/or authenticity of an email.

Don’t use more login power than you need.

Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.

Review network file share permissions.

System administrators should use this as an opportunity to review file share permissions for users and groups, using the principle of least privilege. Damage to network file shares (e.g. departmental share) can sometimes be limited using strict permissions.

Stay up to date on software patches/updates.

Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Adobe Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit. If you are unsure if your system is being regularly patched, contact Campus Shared Services IT (CSS-IT).

Consider installing the Microsoft Office viewers.

Microsoft viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support macros at all, so you can’t enable macros by mistake!

Ransomware is commonly delivered via Phishing emails that entice you to click a malicious link or download and open a malicious file attachment. Visit our Phishing resources page for tips on how to spot and avoid Phishing attacks.